CVE-2014-2062

Published October 17th, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.

jenkinsci/jenkins

Jenkins automation server

GitHub

25.3K